# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).
{ config, lib, pkgs, ... } @ args:
{
imports =
[ # Include the results of the hardware scan.
./hardware-configuration.nix
];
# Use the GRUB 2 boot loader.
boot.loader.systemd-boot.enable = true;
# boot.loader.grub.efiSupport = true;
# boot.loader.grub.efiInstallAsRemovable = true;
# boot.loader.efi.efiSysMountPoint = "/boot/efi";
# Define on which hard drive you want to install Grub.
# boot.loader.grub.device = "/dev/sda"; # or "nodev" for efi only
nix.settings.experimental-features = [ "nix-command" "flakes" ];
nix.package = pkgs.nixVersions.nix_2_28;
nix.gc = {
automatic = true;
options = "--delete-older-than 30d";
};
nix.optimise.automatic = true;
system.autoUpgrade = {
enable = true;
allowReboot = true;
};
networking.hostName = "pschdev"; # Define your hostname.
networking.firewall = {
enable = true;
allowedTCPPorts = [ 80 443 7777 9418 ];
};
# Set your time zone.
time.timeZone = "Europe/Amsterdam";
# Configure network proxy if necessary
# networking.proxy.default = "http://user:password@proxy:port/";
# networking.proxy.noProxy = "127.0.0.1,localhost,internal.domain";
# Select internationalisation properties.
i18n.defaultLocale = "de_DE.UTF-8";
console = {
font = "Lat2-Terminus16";
keyMap = "de-latin1-nodeadkeys";
# useXkbConfig = true; # use xkb.options in tty.
};
# Define a user account. Don't forget to set a password with ‘passwd’.
users.users.ps = {
isNormalUser = true;
extraGroups = [ "wheel" ]; # Enable ‘sudo’ for the user.
packages = with pkgs; [
];
};
users.users.live = {
isSystemUser = true;
group = "live";
home = "/srv/live";
createHome = true;
useDefaultShell = true;
};
users.groups.live = {};
security = {
polkit.enable = true;
sudo.wheelNeedsPassword = false;
};
# nixpkgs.config.allowUnfree = true;
# List packages installed in system profile. To search, run:
# $ nix search wget
environment.systemPackages = with pkgs; [
vim wget file git fzf bat
helix
gitui
bintools
btop htop
systemctl-tui
tmux
md4c
highlight
python312Packages.pygments
pkg-config
];
environment.shellAliases = {
snrs = "sudo nixos-rebuild switch --flake /etc/nixos#default";
snrt = "sudo nixos-rebuild test --flake /etc/nixos#default";
snrb = "sudo nixos-rebuild boot --flake /etc/nixos#default";
senc = "sudo ${pkgs.helix}/bin/hx /etc/nixos/configuration.nix";
};
# git
users.users.git = {
isSystemUser = true;
group = "git";
home = "/srv/git";
createHome = true;
homeMode = "750";
shell = "${pkgs.git}/bin/git-shell";
packages = with pkgs; [
python3 # for blog git-hook
];
};
users.groups.git = {};
programs.git = {
enable = true;
config = {
init.defaultBranch = "main";
user.name = "Patrick";
user.email = "patrick.schoenberger@posteo.de";
};
};
services.gitDaemon = {
enable = true;
basePath = "/srv/git";
repositories = [ "/srv/git" ];
exportAll = true;
port = 9418;
};
# Enable the OpenSSH daemon.
services.openssh = {
enable = true;
extraConfig = ''
Match user git
AllowTcpForwarding no
AllowAgentForwarding no
PasswordAuthentication no
PermitTTY no
X11Forwarding no
'';
};
services.qemuGuest.enable = true;
# virtualisation.qemu.guestAgent.enable = true;
programs.mosh.enable = true;
services.caddy = {
enable = true;
virtualHosts."psch.dev".extraConfig = ''
basic_auth /julius_cam/* { test $2a$14$iKv0GlwavCunG0zQbaf2fOl4r4/8k8gDKUVUouu9Q3o.MfSDkp6Te }
root * /srv/www
file_server
'';
virtualHosts."chirp.psch.dev".extraConfig = ''
reverse_proxy http://localhost:8080 {
request_buffers 8192
}
'';
};
services.caddy.virtualHosts."git.psch.dev".extraConfig = ''
encode gzip zstd
@assets path /cgit.css /cgit.png /favicon.ico /robots.txt
handle /cgithub/* {
file_server {
root /srv/cgithub
}
}
handle @assets {
file_server {
root ${pkgs.cgit}/cgit
}
}
handle {
reverse_proxy unix//run/fcgiwrap-git.sock {
transport fastcgi {
env CGIT_CONFIG ${pkgs.writeText "cgitrc" ''
snapshots=tar tar.gz zip
enable-git-config=1
enable-index-owner=0
section-from-path=1
virtual-root=/
module-link=/%s/commit/?id=%s
clone-url=https://git.psch.dev/$CGIT_REPO_URL git://psch.dev/$CGIT_REPO_URL ssh://git@psch.dev/~/$CGIT_REPO_URL
noplainemail=1
side-by-side-diffs=1
about-filter=${pkgs.writeShellScript "markdown-filter" ''
echo ''
${pkgs.md4c}/bin/md2html --github --ftables
echo '
'
''}
# source-filter=${pkgs.cgit}/lib/cgit/filters/syntax-highlighting.py
head-include=/srv/cgithub/head-include.html
footer=/srv/cgithub/footer.html
readme=:readme.md
readme=:Readme.md
readme=:ReadMe.md
readme=:README.md
scan-path=/srv/git
''}
env SCRIPT_FILENAME ${pkgs.cgit}/cgit/cgit.cgi
}
}
}
'';
# virtualHosts."git.psch.dev".extraConfig = ''
# reverse_proxy unix//run/anubis/anubis-cgit.sock
# '';
services.caddy.virtualHosts."gitweb.psch.dev".extraConfig = ''
handle /static/* {
file_server {
root ${pkgs.gitweb}
}
}
handle {
reverse_proxy unix//run/fcgiwrap-git.sock {
transport fastcgi {
env GITWEB_CONFIG ${pkgs.writeText "gitweb.conf" ''
$projectroot = "/srv/git";
$base_url = "/";
$feature{'pathinfo'}{'default'} = [1];
$default_projects_order = "age";
$omit_owner = true;
$site_html_head_string = "";
''}
env SCRIPT_FILENAME ${pkgs.gitweb}/gitweb.cgi
}
}
}
'';
# virtualHosts."gitweb.psch.dev".extraConfig = ''
# reverse_proxy unix//run/anubis/anubis-gitweb.sock
# '';
services.anubis = {
defaultOptions = {
user = "caddy";
group = "caddy";
};
# instances.cgit.settings.TARGET = "http://localhost:8082/cgit";
# instances.gitweb.settings.TARGET = "http://localhost:8082";
};
services.fcgiwrap.instances."git" = {
process.user = "git";
process.group = "git";
socket.user = "caddy";
socket.group = "caddy";
};
users.users.chirp = {
isSystemUser = true;
group = "chirp";
home = "/var/lib/chirp";
createHome = true;
};
users.groups.chirp = {};
systemd.services.chirp = {
description = "Chirp SystemD Service";
wantedBy = ["multi-user.target"];
after = ["network.target"];
serviceConfig = {
WorkingDirectory = "/var/lib/chirp";
ExecStart = "${args.inputs.chirp.packages.${pkgs.system}.default}/bin/chirp";
Restart = "always";
Type = "simple";
User = "chirp";
Group = "chirp";
};
};
# Copy the NixOS configuration file and link it from the resulting system
# (/run/current-system/configuration.nix). This is useful in case you
# accidentally delete configuration.nix.
# system.copySystemConfiguration = true;
# This option defines the first version of NixOS you have installed on this particular machine,
# and is used to maintain compatibility with application data (e.g. databases) created on older NixOS versions.
#
# Most users should NEVER change this value after the initial install, for any reason,
# even if you've upgraded your system to a new NixOS release.
#
# This value does NOT affect the Nixpkgs version your packages and OS are pulled from,
# so changing it will NOT upgrade your system - see https://nixos.org/manual/nixos/stable/#sec-upgrading for how
# to actually do that.
#
# This value being lower than the current NixOS release does NOT mean your system is
# out of date, out of support, or vulnerable.
#
# Do NOT change this value unless you have manually inspected all the changes it would make to your configuration,
# and migrated your data accordingly.
#
# For more information, see `man configuration.nix` or https://nixos.org/manual/nixos/stable/options#opt-system.stateVersion .
system.stateVersion = "24.05"; # Did you read the comment?
}